Upload SAST results to quay.io

Configure the SAST task to upload SARIF results to quay.io for long-term storage
freeipa · Sep 5, 2024 · 2f4c1b2 · 2f4c1b2
1 parent 73db355
commit 2f4c1b2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/.tekton/ipa-tuura-pull-request.yaml b/.tekton/ipa-tuura-pull-request.yaml
@@ -314,7 +314,7 @@ spec:
  - "false"
  - name: sast-snyk-check
  runAfter:
- - clone-repository
+ - build-container
  taskRef:
  params:
  - name: name
@@ -332,6 +332,11 @@ spec:
  workspaces:
  - name: workspace
  workspace: workspace
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
  - name: clamav-scan
  params:
  - name: image-digest

diff --git a/.tekton/ipa-tuura-push.yaml b/.tekton/ipa-tuura-push.yaml
@@ -311,7 +311,7 @@ spec:
  - "false"
  - name: sast-snyk-check
  runAfter:
- - clone-repository
+ - build-container
  taskRef:
  params:
  - name: name
@@ -329,6 +329,11 @@ spec:
  workspaces:
  - name: workspace
  workspace: workspace
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
  - name: clamav-scan
  params:
  - name: image-digest